A virus spreading through an online automatic update service was detected on computers produced by Taiwanese technology company ASUS after one of the laptop maker’s servers was hacked last year, cybersecurity and anti-virus provider Kaspersky Lab announced Monday.
The Russian company said that they had identified through their antivirus software a malicious software that creates special security gaps called “backdoors” on 57,000 ASUS brand computers.
The company said this new threat called an “advanced persistent threat (APT)” had affected a large number of users with a method known as a “supply chain attack.”
Some 50 percent of the affected computers were owned by users from Russia, Germany, and France, experts from the company said, adding that the virus is believed to have infected about a million computers worldwide. Less than five percent of the computers affected were in the U.S.
“The trojanized utility was signed with a legitimate certificate and was hosted on the official Asus server dedicated to updates, and that allowed it to stay undetected for a long time,” Kaspersky said.
“We are not able to calculate the total count of affected users based only on our data; however, we estimate that the real scale of the problem is much bigger and is possibly affecting over a million users worldwide,” it added.
Kaspersky said that while it was too early to know who was behind the operation, it was consistent with a 2017 incident blamed by Microsoft on a Chinese state-backed group the company calls BARIUM.
Asus released a statement saying it had upgraded its software to “prevent any malicious manipulation in the form of software updates or other means”.
“ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed.”
AsusTek Computer Inc, the world’s fifth largest computer manufacturer, is a Taiwan-based multinational computer and phone hardware and electronics company.